ISO 19600 Compliance Assurance

Facilitating effective compliance & risk management.

ISO 19600 helps establish, develop, evaluate, and maintain a compliance management system. It brings together separate strands of compliance management and risk management, and its processes align very closely with ISO 31000, another risk management standard.

ISO 19600:2014 is based on the principles of;

good governance,

proportionality,

transparency and;

sustainability.

Simply put, Compliance Management refers to a company obeying applicable laws, relevant industry standards and internal policies (e.g. codes of conduct) it has decided to implement because they impact upon its business, its staff and its treatment of consumers.

Get our checklists

Request a quick quote

Contact Us

The guidelines on compliance management systems are applicable to all types of organizations. The extent of the application of these guidelines depends on the size, structure, nature and complexity of the organization.

Request a Quote

Learn more

Who can apply ISO 19600?

The standard provides a valuable improvement in that it can be applied to organisations. It is not exclusively designed for large companies; instead, it defines recommendations for a compliance management system that can be used by many different types of organisations. This includes companies of all sizes, foundations, associations, authorities and other organisations, both private and public. It is not necessary to register on a corresponding registry. This way, ISO 19600 covers industries and types of companies for which there were previously no recommendations.

How adaptable is the standard?

ISO 19600 is highly adaptable, as it has been designed as a guideline and can be applied to many different types of organisations. This is why there are annotations in numerous places, noting that measures must be adapted to the size and risks of the individual organisation, whether it be a large company or an association, and should always be proportionate.

Which models is the standard based on?

The standard is based on three fundamental models, which have been compiled into one compliance management system model. This includes the ‘Risk Management System’, making ISO 19600 a risk-based standard. In line with the ‘High-Level Structure’ model, the new standard complies with the structure of other management systems and can be integrated into or combined with existing management systems without any problems. The PDCA cycle is the third model that the standard is based on. PDCA stands for ‘Plan, Do, Check, Act’ and aims to establish a continuous improvement process.

Spark Solutions & Compass Assurance Services compliance impact ladder

In conjunction with the team from Spark Solutions, Compass Assurance has developed the compliance risk impact ladder.

This management system tool has been designed to assist organisations both large and small to understand how to structure compliance into their management systems.